Abstract
In an effort to increase the transparency of personal data processing carried out via applications listed on their mobile store, Apple recently announced the launch of privacy nutrition labels (PNLs). Aimed at informing users about an application's use of data, these card-like labels are prominently visible on each application's App Store page. This paper explores whether such disclosures made via PNLs can help data controllers fulfil their duty of transparency under the EU General Data Protection Regulation (GDPR). It establishes that the PNLs, in their current, highly standardised fashion, cannot convey the mandatory obligations required by the GDPR. Added to this, they cannot adequately supplement existing privacy policies, either — as they neither serve an adequate role as a ‘first layer’ of a privacy notice, nor help communicate information more efficiently. However, the paper finds that the PNLs might serve another purpose: enhancing data controllers' internal compliance routines. PNLs, even with their current limitations, can bring tangible improvements to cross-functional communication, third-party sharing awareness, records of processing accuracy, adherence to the data protection principles and adequate resource assignment. The overall conclusion of the paper, counterintuitive as it might appear, is that PNLs should be viewed as an organisational measure-enhancing mechanism rather than a transparency tool.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
